registry  /  @apexfdn/apex  /  1.0.5

@apexfdn/apex@1.0.5

Coding agent CLI with read, bash, edit, write tools and session management

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package has an install-time remote binary downloader. Source inspection does not show exfiltration or destructive behavior, but the downloaded executable is not verifiable from the package contents.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs apex CLI
Impact
Unpinned remote executable can change package behavior outside npm tarball review scope.
Mechanism
postinstall downloads and installs platform-specific native executable
Rationale
Static source inspection supports a warning for an unverified install-time remote executable, not a publish block for confirmed malware. The reviewed JS does not harvest credentials, mutate agent control surfaces, persist stealthily, or exfiltrate data.
Evidence
package.jsoninstall.jsapex.jsREADME.mdbin/apexbin/apex.exe
Network endpoints4
github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-linux-x64github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-darwin-arm64github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-darwin-x64github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-windows-x64.exe

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform executable from GitHub releases during install
  • install.js writes bin/apex or bin/apex.exe and chmods it executable
  • No checksum, signature, or pinned digest validation is present before execution by apex.js
Evidence against
  • apex.js only delegates user-invoked CLI args to the downloaded package binary
  • No source evidence of credential harvesting, destructive actions, persistence, or AI-agent config mutation
  • No obfuscated JavaScript or prompt/reviewer manipulation found
  • README describes a coding-agent CLI and optional user-configured Hindsight backend
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.38 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings